Over the last few years, the construction industry has seen a shift to e-commerce and online operations. It means equipment buyers and sellers can enjoy the many benefits of a truly global, virtual marketplace. However, this digital transformation also means that companies have to ensure that their cybersecurity strategies are up-to-date. To help you protect your business, Ritchie Bros. has created a free guide for equipment owners that will support them in taking the right steps.
Digital transformation is a natural evolution in the construction industry – it’s a trend that is here to stay, and the ongoing COVID-19 pandemic and national lockdowns have further accelerated this transition. Ritchie Bros. has seen this first-hand, with 308,000 equipment sales via online channels in the first six months of 2020 and buyers from 140 countries. Moving more business online means new rewards but also new risks. Companies must take precautions to keep their online activities safe. To help you grow and get the most out of your business, Ritchie Bros. wants to share its tips and tricks to keeping cyber threats at bay.
While threats in the digital landscape are constantly evolving, the good news is that so is technology. Simply by staying up to date with technology can go a long way towards ensuring you have a solid protection base. At the same time, it’s a good idea to ensure the individual(s) managing cybersecurity in the organization are aware of the latest threats. At Ritchie Bros., our cybersecurity team attends seminars and conferences, both to learn and contribute to the global cybersecurity community. Much staying up to date can be done for free, too, taking advantage of resources such as The European Cybersecurity Month or Cyber Security Training Course.
According to several sources, such as The Wall Street Journal and TechHQ, construction companies are more susceptible to cyber-attacks and ransoms due to their decentralized business structures and limited awareness of risks. Cyber threats are continually evolving but understanding what they are is crucial to having a strong defense. Three of the most common threats are:
This malicious software blocks access to your computer system until a ransom is paid.
Be aware not to open suspicious attachments or links in emails. Invest in controls to protect against ransomware, and ensure you back up your data to make a recovery easier.
This is the easiest way to get hit. Through communication – designed to seem trustworthy – the scammer will attempt to obtain information such as usernames, passwords, or private personal information. Developing a program of regular training and consider using digital tools to help safeguard your network.
Criminals attempt to extract either information or money from recipients.
In addition to running awareness programs around this threat, companies should also have a system where employees or customers can report incidents.
Construction companies generally understand the importance of investing in the right equipment, which should be extended to safeguarding online operations. In particular, construction companies should consider the following:
• Purchase software from companies you trust.
• Invest in email protection.
• Rethink your network and server security priorities and invest in solutions designed for cloud-based working.
• Consider investing in machine learning (ML) and Artificial Intelligence (AI) to detect and respond.
While many construction businesses are well experienced with team members operating from multiple locations, the rise of working from home during the coronavirus pandemic is set to continue, so it’s important to have appropriate processes in place for it. There are several requirements companies can ask of those working from home, including:
• Secure WiFi routers and access points in the home.
• If using a home/personal workstation for business, make sure you have antivirus protection.
• Avoid sharing a machine with others.
• Encrypt sensitive data.
• Follow good practice during video conferencing calls.
As a construction company, you will have information such as employee files, customer accounts, project plans, and more that is commercially sensitive and must be protected. Your organization should have at least one person overseeing data privacy, and their responsibilities should include:
• Ensuring there are written policies, guidelines, and procedures around data.
• Training team members on how to handle and process data.
• Providing transparency in how data is stored, shared, and processed.
• Having a Data Processing Agreement with third parties.
Cybersecurity can seem like a daunting topic, but there are many ways to keep you and your business safe – and you don’t have to do it alone. There are many cybersecurity consultants that can help your business, and Ritchie Bros. has created an easy to follow report on cybersecurity to help you get started.